Supported Lambda Responses in Skyhigh CASB
A Lambda deployment package (your code and its libraries in a zip file) defines your Lambda function's code; its event sources and permissions are configured on the function itself. Make sure the response object returned by your Lambda script matches the Skyhigh CASB specification below. This may require some customization of the script.
Skyhigh CASB reads the following fields from the object your handler returns.
IMPORTANT: No other fields are read. Any field that is missing limits the information displayed in Skyhigh CASB.
Field | Description | Values/Example
---|---|---
status | Lambda execution status | `success` or `failure`
non_compliance | List of non-compliant entities | Each entry is an object with three keys: `entity_id`, the ID of the entity (e.g. `sg-5fa41245` for a security group); `entity_name`, the name of the entity (e.g. `guru` for an IAM user); `metadata`, an object of key/value pairs describing the entity (see the snippet below for an example)
message | The status message | On `failure` the message is displayed in Skyhigh CASB as the error; on `success` the message is ignored
compliance | List of compliant entity IDs | A list of strings, one `entity_id` per compliant entity
Below is a Lambda snippet that checks whether each CloudTrail trail's S3 bucket has server access logging enabled; the response fields from the table are assembled at the end of the handler:
```python
# cloudtrail_bucket_access_logging_enabled
# s3_bucket_access_logging_enabled_check
# Handler: cloudtrail_bucket_access_logging_enabled.check_buckets_handler
import boto3
from botocore.exceptions import ClientError


def check_buckets_handler(event, context):
    non_compliance = []
    compliance = []
    ct_client = boto3.client('cloudtrail')
    s3 = boto3.resource('s3')
    all_trails = ct_client.describe_trails()["trailList"]
    for trail in all_trails:
        print(trail)
        cloudtrail_bucket_name = trail["S3BucketName"]
        # Reset per trail; otherwise a previous bucket's result would carry over
        bucket_logging = None
        try:
            # logging_enabled is None when server access logging is off for the bucket
            bucket_logging = s3.BucketLogging(cloudtrail_bucket_name).logging_enabled
        except ClientError as err:
            # e.g. AccessDenied or NoSuchBucket; the bucket is reported as non-compliant below
            print("issue while checking logging enabled flag for bucket "
                  + cloudtrail_bucket_name + ": " + str(err))
        if bucket_logging is not None:
            compliance.append(cloudtrail_bucket_name)
        else:
            metadata = dict()
            metadata["buck_name"] = cloudtrail_bucket_name
            non_compliant_entity = dict()
            non_compliant_entity["entity_id"] = cloudtrail_bucket_name
            non_compliant_entity["entity_name"] = cloudtrail_bucket_name
            non_compliant_entity["metadata"] = metadata
            non_compliance.append(non_compliant_entity)
    # Only these four fields are read by Skyhigh CASB
    lambda_response = dict()
    lambda_response["status"] = "success"
    lambda_response["message"] = "lambda function execution is completed"
    lambda_response["compliance"] = compliance
    lambda_response["non_compliance"] = non_compliance
    return lambda_response
```
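The snippet above only ever returns `status: success`, so an exception before the `return` (for example a missing `cloudtrail:DescribeTrails` permission) surfaces as a crashed invocation rather than as a `failure` message in the Skyhigh CASB console. The following is an added example, not code from the Skyhigh documentation or from AWS: a validator for the field contract in the table, and a decorator that turns unhandled exceptions and contract violations into a `failure` response whose message CASB will display. The names `validate_casb_response`, `casb_handler` and `non_compliant_entity` are assumptions made for this example, and `SAMPLE_TRAILS` is constructed data standing in for the `describe_trails()` and `BucketLogging` calls so that it runs without AWS credentials.

```python
import functools

ALLOWED_STATUS = {"success", "failure"}
ALLOWED_FIELDS = {"status", "message", "compliance", "non_compliance"}
REQUIRED_ENTITY_KEYS = {"entity_id", "entity_name", "metadata"}


def validate_casb_response(resp):
    """Return a list of contract violations; an empty list means the response
    matches the field table above."""
    if not isinstance(resp, dict):
        return ["response is not a JSON object"]
    problems = []
    for key in resp:
        if key not in ALLOWED_FIELDS:
            problems.append(f"unsupported field '{key}' (CASB ignores it)")
    if resp.get("status") not in ALLOWED_STATUS:
        problems.append("status must be 'success' or 'failure'")
    if "message" in resp and not isinstance(resp["message"], str):
        problems.append("message must be a string")
    compliant = resp.get("compliance", [])
    if not (isinstance(compliant, list) and all(isinstance(e, str) for e in compliant)):
        problems.append("compliance must be a list of entity id strings")
        compliant = []
    non_compliant = resp.get("non_compliance", [])
    if not isinstance(non_compliant, list):
        problems.append("non_compliance must be a list")
        non_compliant = []
    seen_ids = set()
    for i, ent in enumerate(non_compliant):
        if not isinstance(ent, dict):
            problems.append(f"non_compliance[{i}] is not an object")
            continue
        missing = REQUIRED_ENTITY_KEYS - set(ent)
        if missing:
            problems.append(f"non_compliance[{i}] is missing {sorted(missing)}")
        if not isinstance(ent.get("metadata", {}), dict):
            problems.append(f"non_compliance[{i}].metadata must be a key/value object")
        seen_ids.add(ent.get("entity_id"))
    overlap = seen_ids & set(compliant)
    if overlap:
        problems.append(f"entities listed as both compliant and non-compliant: {sorted(overlap)}")
    return problems


def casb_handler(func):
    """Decorator for a check handler (hypothetical name): an exception becomes a
    'failure' response whose message CASB displays, and a response that breaks
    the contract is reported the same way instead of being silently truncated."""
    def failure(message):
        return {"status": "failure", "message": message,
                "compliance": [], "non_compliance": []}

    @functools.wraps(func)
    def wrapper(event, context):
        try:
            resp = func(event, context)
        except Exception as exc:  # every failure must reach the CASB console
            return failure(f"{type(exc).__name__}: {exc}")
        problems = validate_casb_response(resp)
        if problems:
            return failure("response violates CASB contract: " + "; ".join(problems))
        return resp
    return wrapper


def non_compliant_entity(entity_id, entity_name, **metadata):
    """Build one non_compliance entry with the three required keys."""
    return {"entity_id": entity_id, "entity_name": entity_name,
            "metadata": dict(metadata)}


# Constructed sample data in place of describe_trails()/BucketLogging calls;
# the trail and bucket names are made up for this example.
SAMPLE_TRAILS = [
    {"Name": "management-events", "S3BucketName": "ct-logs-prod", "logging_enabled": True},
    {"Name": "data-events", "S3BucketName": "ct-logs-dev", "logging_enabled": False},
]


@casb_handler
def check_sample_trails(event, context):
    compliance, non_compliance = [], []
    for trail in SAMPLE_TRAILS:
        bucket = trail["S3BucketName"]
        if trail["logging_enabled"]:
            compliance.append(bucket)
        else:
            non_compliance.append(non_compliant_entity(bucket, bucket, trail_name=trail["Name"]))
    return {"status": "success", "message": "check completed",
            "compliance": compliance, "non_compliance": non_compliance}


@casb_handler
def check_without_permissions(event, context):
    # Stand-in for the boto3 ClientError raised when the role lacks cloudtrail:DescribeTrails
    raise PermissionError("cloudtrail:DescribeTrails is not allowed for this role")


if __name__ == "__main__":
    print(check_sample_trails({}, None))
    print(check_without_permissions({}, None))
```

Wrapping `check_buckets_handler` from the snippet with the same decorator gives the console a readable error when the function's role lacks `cloudtrail:DescribeTrails` or `s3:GetBucketLogging`, and catches the common mistake of adding extra top-level keys that Skyhigh CASB never reads.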